diff --git a/include/AclRule.h b/include/AclRule.h
index 966f77477f..914c79406b 100644
--- a/include/AclRule.h
+++ b/include/AclRule.h
@@ -272,6 +272,13 @@ private:
      * Objects that cannot be used with the CLUSTER(%) selector
      */
     static const long long INVALID_CLUSTER_OBJECTS;
+
+    /**
+     * Objects that cannot be used with the GROUP(@) selector
+     */
+    static const long long INVALID_GROUP_OBJECTS;
+
+    static const long long FEDERATED_OBJECTS;
 };
 
 #endif /*ACL_RULE_H*/
diff --git a/src/acl/AclRule.cc b/src/acl/AclRule.cc
index 935bc7ee72..c63c1ecce6 100644
--- a/src/acl/AclRule.cc
+++ b/src/acl/AclRule.cc
@@ -56,6 +56,14 @@ const long long AclRule::INVALID_CLUSTER_OBJECTS =
     PoolObjectSQL::TEMPLATE | PoolObjectSQL::GROUP | PoolObjectSQL::ACL |
     PoolObjectSQL::CLUSTER | PoolObjectSQL::DOCUMENT | PoolObjectSQL::ZONE;
 
+const long long AclRule::INVALID_GROUP_OBJECTS =
+    PoolObjectSQL::HOST | PoolObjectSQL::GROUP | PoolObjectSQL::CLUSTER |
+    PoolObjectSQL::ZONE;
+
+const long long AclRule::FEDERATED_OBJECTS =
+    PoolObjectSQL::USER | PoolObjectSQL::GROUP | PoolObjectSQL::ZONE |
+    PoolObjectSQL::ACL;
+
 /* -------------------------------------------------------------------------- */
 /* -------------------------------------------------------------------------- */
 
@@ -162,6 +170,21 @@ bool AclRule::malformed(string& error_str) const
            << PoolObjectSQL::type_to_str(PoolObjectSQL::NET) << " types";
     }
 
+    if ((resource & GROUP_ID) && (resource_type & INVALID_GROUP_OBJECTS))
+    {
+        if ( error )
+        {
+            oss << "; ";
+        }
+
+        error = true;
+        oss << "[resource] GROUP(@) selector cannot be applied to "
+            << PoolObjectSQL::type_to_str(PoolObjectSQL::HOST) << ", "
+            << PoolObjectSQL::type_to_str(PoolObjectSQL::GROUP) << ", "
+            << PoolObjectSQL::type_to_str(PoolObjectSQL::CLUSTER) << " or "
+            << PoolObjectSQL::type_to_str(PoolObjectSQL::ZONE) << " types";
+    }
+
     if ( (resource & 0xF00000000LL) == 0 )
     {
         if ( error )
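Review bot: `FEDERATED_OBJECTS` is declared without a doc comment, while the two sibling masks above it (`INVALID_CLUSTER_OBJECTS`, `INVALID_GROUP_OBJECTS`) each carry one explaining which selector they constrain. The only use visible in this commit is in `AclRule::malformed`, where the mask lists the resource types an INDIVIDUAL(#) rule may still target when the zone part carries the ALL bit, so the declaration should say that. I would add, in the same style as the neighbours, `/** Objects that the INDIVIDUAL(#) selector may still target when the [zone] ALL bit is set (checked in malformed()) */` above the declaration. Whether the name also implies these objects are replicated across zones cannot be confirmed from this diff, so I would not state that in the comment.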
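Review bot: The error text in the new GROUP(@) block of `AclRule::malformed` hard-codes the four rejected types (HOST, GROUP, CLUSTER, ZONE) separately from `INVALID_GROUP_OBJECTS`, which is defined in another hunk of the same file; the two lists must be edited together or the message silently drifts from the check. This mirrors how the existing CLUSTER(%) block is written, so I would not restructure it here, but a one-line reminder above the `if` is worth adding: `// Keep the type list in this message in sync with AclRule::INVALID_GROUP_OBJECTS`. Note that this check, like the others in the function, only accumulates an error string; the caller is outside this hunk and whether it refuses to store a malformed rule cannot be confirmed from here. The enclosing function starts and ends outside the hunk.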
@@ -293,6 +316,22 @@ bool AclRule::malformed(string& error_str) const
         oss << "when using the ALL bit, [zone] ID must be 0";
     }
 
+    if ((zone & ALL_ID) &&
+        (resource & INDIVIDUAL_ID) &&
+        ( (resource_type & FEDERATED_OBJECTS) != resource_type ) )
+    {
+        if ( error )
+        {
+            oss << "; ";
+        }
+
+        error = true;
+        oss << "[resource] INDIVIDUAL(#) selector cannot be applied "
+            << "to ALL zones, except for "
+            << PoolObjectSQL::type_to_str(PoolObjectSQL::USER) << ", "
+            << PoolObjectSQL::type_to_str(PoolObjectSQL::GROUP) << " and "
+            << PoolObjectSQL::type_to_str(PoolObjectSQL::ZONE) << " types";
+    }
 
     if ( error )
     {
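Review bot: The mask and the message disagree: `FEDERATED_OBJECTS` (defined earlier in this commit) includes `PoolObjectSQL::ACL`, so an INDIVIDUAL(#) rule on an ACL object with the zone ALL bit passes this check, yet the error text tells the operator that only USER, GROUP and ZONE are allowed. One of the two is wrong; if ACL is meant to be accepted, the message should list it, e.g. change the last two stream lines to `<< PoolObjectSQL::type_to_str(PoolObjectSQL::GROUP) << ", "`, `<< PoolObjectSQL::type_to_str(PoolObjectSQL::ZONE) << " and "` and add `<< PoolObjectSQL::type_to_str(PoolObjectSQL::ACL) << " types";`; otherwise drop ACL from the mask. Since this function is what decides whether a cross-zone rule is rejected, the documented behaviour and the enforced behaviour should match so reviewers of ACL rules are not misled about what can be granted federation-wide. The enclosing function starts outside the hunk.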